Internal Assessment

Overview

Foundstone security consultants follow a tried, tested, and proven methodology to conduct superior internal network security assessments. By focusing on protecting the right assets from the right threats with the right measures, the highest levels of assurance and business value are achieved for our customers.

The process begins with securing internal devices on your network. Foundstone security consultants identify and thoroughly test potential points of attack after enumerating every live host, open port, and available service. These vectors are often found on loosely secured internal hosts. Foundstone attempts to identify all vulnerabilities and focuses on areas in which a compromise would have the greatest impact and highest risk to your business. We also understand the policies and regulations that drive the need for security in industries ranging from e-commerce, financial services, and health care. Our analysis is not disruptive to your organization, and causes minimal or no impact on staff and business productivity.

Key Benefits

Protect your internal networkGet a comprehensive list of all security vulnerabilities on your internal infrastructure. Verify if your networks and applications can be penetrated from the inside. Foundstone Vulnerability Assessment uses McAfee Vulnerability Manager software, which provides a rapid and efficient inventory of the devices, services, and vulnerabilities within your internal networks.

Get next step recommendationsAn in-depth analysis of your vulnerabilities determines systemic causes and strategic recommendations. Foundstone categorizes and prioritizes the recommendations by people, process, and technology. Deliverables include a comprehensive Security Assessment Technical Report, an Executive Summary, and a half-day presentation and results review workshop.

Methodology

Information gatheringThe information gathering phase results in a detailed blueprint of your company’s network that lists the types of hosts and their operating systems. This allows us to achieve a thorough network mapping and overcome any blind spots you might have. We gather domain names, IP network ranges, and information about hosts, such as operating systems and applications.

Vulnerability scanningThe details collected during the information gathering phase are used to perform vulnerability scanning and penetrate systems. Foundstone takes a holistic view of the network and chains multiple, low-risk vulnerabilities in order to achieve a high level of access into the target network. This vulnerability linking typically culminates in pilfering sensitive data such as password hashes, restricted databases, or attaining access to specific assets that your company identifies as critical.

Penetration testingFoundstone's network penetration testing provides the most thorough test of internal defenses available. Foundstone consultants scrutinize internal systems for any weakness or information that could be used by an internal attacker to disrupt the confidentiality, availability, or integrity of the internal network.